Our Blog

WordPress Vulnerability CVE-2014-6604 released on NVD

By Laura Gannon | Mar 29, 2018 | 0 Comments

Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip parameter. Published on March 29, 2018 at 01:29PMView on the National Vulnerability Database

Read More

Cybersecurity Alert released by US CERT: TA18-086A: Brute Force Attacks Conducted by Cyber Actors

By Laura Gannon | Mar 27, 2018 | 0 Comments

Published March 27, 2018 at 05:00PM on March 27, 2018 at 05:00PM at US CERT Alerts Blog: TA18-086A: Brute Force Attacks Conducted by Cyber Actors by US-CERT Original release date: March 27, 2018<br /> <h3>Systems Affected</h3> Networked systems</p> <h3>Overview</h3> <p>According to information derived from FBI investigations, malicious cyber actors are increasingly using a style of…

Read More

WordPress Vulnerability CVE-2014-2274 released on NVD

By Laura Gannon | Mar 19, 2018 | 0 Comments

Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via a request to the subscribe-to-comments-reloaded/options/index.php page to wp-admin/admin.php. Published on March 19, 2018 at 04:29PMView on the National Vulnerability Database

Read More

WordPress Vulnerability CVE-2014-2297 released on NVD

By Laura Gannon | Mar 19, 2018 | 0 Comments

Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. NOTE: vector 1 may overlap CVE-2014-1906.4. Published on March 19, 2018 at 04:29PMView on the National Vulnerability…

Read More

WordPress Vulnerability CVE-2014-2550 released on NVD

By Laura Gannon | Mar 19, 2018 | 0 Comments

Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disable_comments_settings page to wp-admin/options-general.php. Published on March 19, 2018 at 04:29PMView on the National Vulnerability Database

Read More

WordPress Vulnerability CVE-2014-2674 released on NVD

By Laura Gannon | Mar 19, 2018 | 0 Comments

Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the loop parameter in an ajax_navigation action to wp-admin/admin-ajax.php. Published on March 19, 2018 at 04:29PMView on the National Vulnerability Database

Read More

WordPress Vulnerability CVE-2014-2675 released on NVD

By Laura Gannon | Mar 19, 2018 | 0 Comments

Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php in the WP HTML Sitemap plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete the sitemap via a request to the wp-html-sitemap page in wp-admin/options-general.php. Published on March 19, 2018 at 04:29PMView on the National Vulnerability Database

Read More

Cybersecurity Alert released by US CERT: TA18-074A: Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors

By Laura Gannon | Mar 15, 2018 | 0 Comments

Published March 15, 2018 at 08:40AM on March 15, 2018 at 08:40AM at US CERT Alerts Blog: TA18-074A: Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors by US-CERT Original release date: March 15, 2018<br /> <h3>Systems Affected</h3> <ul><li>Domain Controllers</li><li>File Servers</li><li>Email Servers</li></ul> <h3>Overview</h3> This joint Technical Alert (TA) is the result of analytic…

Read More

WordPress Vulnerability CVE-2015-2324 released on NVD

By Laura Gannon | Feb 19, 2018 | 0 Comments

Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors. Published on February 19, 2018 at 11:29AMView on the National Vulnerability Database

Read More

WordPress Vulnerability CVE-2015-2329 released on NVD

By Laura Gannon | Feb 8, 2018 | 0 Comments

Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order. Published on February 08, 2018 at 03:29PMView on the National Vulnerability Database

Read More

Subscribe to Blog

Get Updates about new blog posts as well as the latest in WordPress Vulnerabilities.

Something went wrong. Please check your entries and try again.